EarlyTerms

ClawHub

Rising · Emerged 2026-01-03 · 107 days old

ClawHub is the public skill registry and marketplace for OpenClaw, the self-hosted personal AI agent. Developers publish text-based `SKILL.md` bundles, browse by category and vector search, and install them into any OpenClaw instance with a single `clawhub install <slug>` command.

The openclaw/clawhub repo was created January 3, 2026 and clearFrame shipped publicly shortly after — skills grew from a few hundred to 52k+ tools and 180k users by mid-April 2026. Anyone with a week-old GitHub account can publish; Hermes Agent can also install skills from the registry, making it the de-facto agent-skill npm across competing runtimes.

npm for AI agent skills — a registry with versioning, vector search, and a one-line CLI install, feeding every major self-hosted agent runtime.

Search Interest

peak ~3.2K/mo
updated 2026-04-19
~3.2K/mo ~1.6K/mo 0
2026-03-21 2026-04-05 2026-04-19
Term Lifecycle
  1. Nascent
    0–7 days
  2. Emergent
    8–30 days
  3. Validating
    31–90 days
  4. Rising ← now
    91–180 days
  5. Established
    180 days +

Why is it emerging now?

TL;DR

ClawHub crossed 52k skills and 180k users in under 16 weeks while surviving a February supply-chain attack that infected 341 skills (Koi Security / 1Password disclosure). An April 15 independent audit of 2,354 skills reset the security narrative — 4.4% malicious, 86% vulnerable — turning the registry from a feature into a category-defining piece of agent infrastructure.

6 forces driving coverage — scroll →
openclaw/clawhub
Skill Directory for OpenClaw
Jan 3, 2026 8.1k stars
ClawHub
Tools built by thousands, ready in one search
52.7k tools, 180k users, 12M downloads, 4.8 avg rating as of mid-April 2026.
Y Hacker News
Top downloaded skill in ClawHub contains malware (1password.com)
Feb 5, 2026 334 points · 151 comments
1Password
How OpenClaw's agent skills become an attack surface
Malicious Twitter skill staged macOS infostealer via fake openclaw-core dependency; campaign named ClawHavoc.
Feb 5, 2026
Trent AI
2,354 Popular ClawHub Skills Analysed: distinguishing malicious from vulnerable
103 malicious (4.4%), 86% vulnerable-but-not-hostile; VirusTotal caught only 1 of 103.
Apr 15, 2026
The New Stack
Hermes already supports installing community skills from ClawHub
Cross-runtime installability makes ClawHub the de-facto skill registry across competing agent harnesses.

Outlook

6-month signal projection and commercial timeline.

Signal high
Revenue moderate

Registry network effects compound with OpenClaw's 359k stars; Hermes already installs ClawHub skills, cementing it as cross-runtime default.

Risk · If ClawHavoc-style supply chain attacks recur, enterprise adoption could stall and a curated fork could peel off the top tier.

Analogs · npm · Hugging Face Hub · VS Code Marketplace

Monetization timeline
  1. now
    Free registry, adjacent paid

    Registry itself free; money flows to hosting, audits, skill-bundle courses, and commercial ClawHub mirrors.

  2. 3-6mo
    Paid security + directories

    Paid scanners and curated-skill directories emerge as ClawHavoc-style attacks sustain enterprise scanning demand.

  3. 6-12mo
    Managed registry tier

    Enterprise registry with signed skills, SBOMs, and compliance-ready mirrors becomes the monetization wedge.

Competition & Opportunity for term “ClawHub”

Three heuristic signals derived from the tracked queries, the term's monetization cards, and its cluster neighbors. Directional, not audited.

Content Gap
20 queries tracked
Led by General (17), Tutorial (2)
10 Suggest-only tails — long-tail opening
Revenue Potential
0% commercial-intent queries
2 monetization angles mapped
Mostly informational — pre-commercial
Build Difficulty
High
Stage: rising — red-ocean, crowded
13 / 13 default TLDs taken · oldest incumbent clawhub.com (2018-08-22)
6 related terms already published
Heuristic · signals: tracked queries, term monetization cards, cluster neighbors

Ideas for term “ClawHub”

Buildable pitches — turn this term into an article, site, product, post, newsletter, video, or course. Steal any card and run with it.

Article
The 20 Best ClawHub Skills Every OpenClaw User Should Install in 2026

52k skills, no first-party top-20 list; DataCamp and community blogs split the SERP. Evergreen ranking + CPC from OpenClaw-adjacent tools (hosting, audits).

Article
How to Publish Your First ClawHub Skill: A Practical SKILL.md Walkthrough

Official docs explain CLI commands but no end-to-end publishing tutorial covers naming, versioning, and passing the week-old-account gate. High-intent query with growing volume.

Article
ClawHub Security Guide: How to Audit a Skill Before You Install It

After ClawHavoc and the 4.4% malicious rate, 'is this ClawHub skill safe' is a live worry. Walkthrough + checklist + links to Trent/Koi scanners answers the exact question.

Article
ClawHub vs HermesHub vs Claude Code Plugins: Where Should You Publish in 2026?

Creators of reusable agent skills now have three target registries. No comparison of publishing economics, review policies, or install reach exists on page one.

Website
A curated 'ClawHub Trusted' directory with per-skill audit reports

trent.ai and claw-hub.net already hint at the gap. A site that runs continuous scans, publishes per-skill reports, and issues a trust badge rides the security narrative as a SEO and affiliate play.

Product
ClawHub static-analysis CLI: a SAST for SKILL.md bundles

Prompt-injection, credential-harvesting, and phantom-implementation patterns are well-documented. A `clawhub-audit <slug>` tool with a paid CI integration addresses enterprise concern directly.

Product
Cross-hub publishing CLI (ClawHub + HermesHub + Claude Marketplace)

Skill authors currently hand-copy metadata across registries. A one-shot publisher with consistent versioning saves hours and becomes the default author tool across runtimes.

Post
I Published 10 Skills to ClawHub in a Weekend. Here's the Money, the Bugs, and the Surprises.

First-person HN / dev.to piece. Publishing economics, review friction, install analytics, the ClawHavoc angle — all unreported from an author POV.

Post Newsletter / LinkedIn
The Year AI Agents Got an npm

ClawHub went from an empty GitHub repo on January 3 to 52,000 skills and 180,000 users by April — npm took three years to hit that curve.

Post HN / r/programming
ClawHub Had a 4.4% Malicious Rate. We're Still Going to Use It.

Trent AI audited 2,354 ClawHub skills. 103 were malicious, 86% vulnerable, and traditional scanners caught almost none. The surprising part: enterprises are leaning in harder, not pulling out.

Post YouTube / Tech media
I Shipped a ClawHub Skill in 20 Minutes. Then I Tried to Make It Safe.

Publishing to ClawHub takes a week-old GitHub account and one CLI command. Making that skill actually safe for a stranger's agent took me three days.

What People Search

Long-tail queries from Google Suggest + Trends. Volume and competition are heuristics — directional, not audited. Content Type comes from query shape.

Keyword
Competition
Content Type
clawhub
Very Low
General
clawhub skills
Very Low
General
clawhub rate limit exceeded
Very Low
General
clawhub rate limit
Very Low
General
clawhub install
Very Low
Tutorial
clawhub github
Very Low
Showcase
clawhub login
Very Low
General
clawhub cli
Very Low
General
1–8 of 20
1 / 3
Updated 2026-04-19 · sources: Google Trends, Google Suggest · Competition is heuristic

SERP of term “ClawHub”

What searchers see today — organic results on top, paid ads if anyone's bidding. Ad density is a real-time commercial signal.

Related Terms

Other terms in the same space — aliases, subtypes, competitors, and neighbors to explore next.

Explore next
Also mentioned
  • Competitor HermesHub·VS Code Marketplace
  • Related ClawHavoc·agentskills.io

Sources

Primary URLs this report cites — open any to verify the claim yourself.

  1. 01 ClawHub — official marketplace clawhub.ai
  2. 02 openclaw/clawhub on GitHub github.com
  3. 03 OpenClaw docs — ClawHub reference docs.openclaw.ai
  4. 04 1Password — From Magic to Malware 1password.com
  5. 05 Trent AI — 2,354 ClawHub Skills Analysed trent.ai
  6. 06 The New Stack — Persistent AI Agents Compared thenewstack.io
  7. 07 eSecurity Planet — Malicious Skills Found in ClawHub esecurityplanet.com